Ryan Naraine

Ratings Game: Security Flaw Scoring System Flounders

Exactly one year after the introduction of the Common Vulnerability Scoring System as a vendor-neutral standard to get around the confusion of measuring the severity of security flaws, the ambitious initiative appears stalled by the indifference of some of its own heavyweight backers. The standard, which was unveiled a year ago at the RSA Conference, […]

Microsoft Patch Day: Critical WMP, Windows Fixes on Tap

Microsoft's security response center won't be playing Cupid this Valentine's Day. On Feb. 14, the Redmond, Wash.-based software company plans to release seven security bulletins with patches for multiple software vulnerabilities, at least two of which will be rated critical, the company's highest severity rating. One of the critical bulletins will address remote exploitable code execution […]

Muslim Cartoon Protests Hit the Internet

Thousands of Web sites in Denmark and Europe have been hacked and defaced in apparent retaliation for the publication of cartoons satirizing the Prophet Muhammad. According to Zone-H.org, an outfit that tracks server intrusions worldwide, more than 600 attacks against Web servers in Denmark have been recorded. Servers in Israel and Europe have also been […]

Microsoft Gives Workarounds for New IE, Windows Flaws

Microsoft late Feb. 7 issued two separate advisories with pre-patch workarounds for a privilege escalation vulnerability in Windows and a new code execution hole in older versions of the Internet Explorer browser. The IE flaw could allow an attacker to use a rigged WMF (Windows Metafile) image to take complete control of an affected Windows […]

Microsoft Releases OneCare Pricing Details

Microsoft plans to start selling the Windows OneCare Live PC security bundle for $49.95 a year for up to three personal computers. The service, which has gone through several beta revisions, will hit the market in June this year as a self-updating utility featuring virus scanning, firewall protection, data backup and PC cleanup tools. The […]

Microsoft Investigates HTML Help Flaw Warning

Microsoft's security response team is investigating reports of a remotely exploitable buffer overflow in HTML Help Workshop, the standard help system for the Windows platform. The software vendor's investigation follows the public release of a proof-of-concept exploit for the flaw, which is caused by a boundary error within the handling of a “.hhp” file. Security […]

ActiveState Returns to Open-Source Roots

Just two years after shelling out $23 million to acquire ActiveState, anti-virus vendor Sophos has offloaded the company to Pender Financial Group, a Canadian venture capital firm. Financial terms of the transaction were not disclosed. The deal is expected to close within the next 30 days, the companies announced Feb. 6. For Sophos, the decision […]

Security Questions for Your Provider

The idea of delivering software as Web applications over the Internet isn't exactly new. In the 1990s, at the height of the dot-com boom, the application service provider model enjoyed moderate success. Today, with AJAX-based Web applications all the rage, the model has made a dramatic comeback, but with the same old security concerns. “The […]

Adobe Patches Photoshop, Illustrator Flaws

Web and print publishing software maker Adobe Systems has pushed out security patches to cover a potentially serious code execution flaw in the Adobe Creative Suite 2 platform. The flaw, which carries an “important” rating, affects Adobe Creative Suite 2, Adobe Photoshop CS2 and Adobe Illustrator CS2 on both Windows and Mac OS platforms. San […]

Security Conflict: Auditing the On-Demand Realm

Marc Maiffret is a worried man. The chief hacking officer and co-founder of eEye Digital Security looks at the rising popularity of hosted Web applications and sees a future where legitimate bug hunters are blocked from auditing popular products for security flaws. “How can you do an independent code audit when you have no access […]